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(57) Abstract 

An entity such as a smart card (30) includes micropro- 
cessor means (36), input/output means (44) and PROM sto- 
rage means (42) which stores a set of transformations S{ (i= 1, 
.. M n) of a corresponding set of public factors Fj (i = 1, n), 
where Sj « F ; d (mod N), d being the secret key counterpart 
of a public key e associated with the modulus N, which is 
the product of two primes. An authentication device (32) 
which stores the public factors Fi and the values of N and e, 
generates an n-bit random vector V « vj which is transmit- 
ted to the card (30) where a product Y of the values S\ se- 
lected according to the 1-bits of V is computed and trans- 
mitted to the authentication device (32) which computes 
X act = Y* (mod N) and also computes X ref , the product of 
the F; selected according to the I -bits of V. If X act and X re r 
are equal, then the card is authenticated to within a certain 
probability. An analogous method is disclosed for certify- 
ing messages to be transmitted. In further embodiments, a 
higher degree of security is achieved by arranging for the 
entity being authenticated, or the certifying entity, to select 
an additional secret factor or plurality of secret factors. 
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METHOD AND DEVICE FOR AUTHENTICATION 

This invention relates to the authentication of devices 
and messages. 

It is a common requirement to verify the authenticity of 
data which may represent monetary value or may imply the 
authenticity of the entity generating that data. 

To impede forgery, only a manufacturing source which 
produces entities should possess the means to produce 
authentication devices for the entities. This implies 
that the source must possess some secret. The diffi- 
culty in proving authenticity is in providing the means 
to the authenticator to achieve that proof. Many 
systems employ an algorithm driven by a secret key such 
that a data string passed through the algorithm results 
in a secret transformation of that data. ' The data so 
transformed is used as an authentication certificate or 
code which may be tested by an authenticator. One 
method of testing involves the authenticator in perform- 
ing the same secret transformation of the data to yield 
an authentication certificate which is compared for 
equality with that provided by the source entity. 

The problem with this technique is that the authentica- 
tor must duplicate the data manipulation by the source 
so as to compare the result for equality. This means 
that an authenticator can forge an authentication 
certificate and claim that it emanated from the source. 
Another problem is that the authenticator must also have 
knowledge of the key. This problem is particularly 
acute if several entities need to authenticate another 
entity, since each must possess the secret key. 
Disclosure of this key by one authenticator therefore 
compromises all authenticators and the source. 
Furthermore, the secret key must be securely distributed 
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to each potential authenticator prior to the event. 
This therefore limits the ability to authenticate to 
only those trusted entities which were anticipated to 
require the function. 

Where it may be necessary for a large number of unpre- 
dictable entities to possess the ability to authenticate 
another entity, the use of secret key algorithms is 
somewhat impractical. Further, when it is desirable 
that the authenticator be completely denied the ability 
to forge an authentication certificate the duplicative 
equality test method cannot be employed. 

Another* k'hown technique employs the art of public key 
cryptography wherein an asymmetrical algorithm is used. 
Public key cryptography is described in the article: 
Communications of the ACM, vol. 21 , No. 2, February 
1978, pages 120-126, R.L. Rivest et al. n A Method for 
Obtaining Digital Signatures and Public Key Crypto- 
systems". In this known technique, a data element or a 
change sensitive compression of a data string is 
enciphered using a secret key or procedure. Authenti- 
city is proven by obtaining the original data element 
(or change sensitive compression) which is used as a 
reference value and then using a public key or procedure 
to decipher the data supplied by the source. Equality 
of the deciphered data with the reference data implies 
that the secret key or procedure was employed and thus 
that the data is authentic. 

This technique permits any entity to know the public key 
or procedure with which to prove the authenticity, of 
data emanating from an entity possessing the complemen- 
tary secret key or procedure. Consequently, the key^ 
distribution problem is significantly eased as prior 
knowledge and secrecy are not required. 
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However, the publicly known procedure must not .permit 
the secret key or procedure to be easily determined. 
Generally/ the. algorithms possessing this property 
require substantial computing power to perform the 
secret procedure. This usually renders them unsuitable 

for low cost devices where operational speed is a 
requirement. If multiple portable devices or the data 
emanating from them must be able to be tested for 
authenticity , then the secret key and algorithm must be 
contained in each device. In this case, disclosure of 
the secret key in one device will compromise all similar 
devices* 

This technique is therefore not practical for low cost 
replicated devices. 

European Patent Application No. 0 252 499 discloses a 
method for creating a unique card identifier in the form 
of a "smart card" which involves selecting a modulus 
which is a product of two primes, preparing a string of 
information unique to the card identifier, utilizing a 
pseudo-random function to transform such string and a 
plurality of selected indices to derive an associated 
plurality of values which are quadratic residues with 
respect to the modulus, computing the square roots of 
the reciprocals of the quadratic residues, and recording 
the information string, such square roots and the 
related indices in the card identifier* Such card is 
authenticated by transmitting the information string and 
the selected indices from the card to a verification 
device and generating in the verification device the 
quadratic residues utilizing the pseudo-random function r 
selecting in the card a random number, computing the 
squared value of the random number and transmitting such 
squared value from the card to the verification device , 
generating in the verification device a random vector 
which is sent to the card, computing in the card the 
product of the "random number and a selection of the 
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stored square root values dependent on the ronclom 
vector, transmitting the product to the verification 
device, squaring the transmitted product and multiplying 
such squared value by a selection of the computed 
quadratic residue values selected in accordance with the 
random vector, and checking that the result value is 
equal to the squared random number- This known method 
is complex and in particular involves the selection and 
utilization of quadratic residue values. 

It is an object of the present invention to provide a 
relatively simple method and apparatus for the authenti- 
cation of devices and messages. 

Therefore, according to a first aspect of the present 
invention, there is provided a method of manufacturing 
an entity, including the steps ofr 

(a) selecting a modulus N which is* a product of at least 
two prime numbers; 

(b) selecting an integer e which is relatively prime to 
<£(N)r where <p(N> is Euler's totient function of N; 
and 

(c) determining an integer d such that e.d = 1 (mod 
cp(N>), characterized by the steps of: 

(d) selecting a set of n public factors 
Fx, . .. , F n (0<Fi<N) ; 

(e) calculating Si = F^ d (mod H) for i=l, n; and 

(f) storing the n values Sj; (i=lr -**r n) and the 
value N in said entity. 

According to a second aspect of the invention, there is 
provided a method of authenticating an entity according 
to the first aspect of the invention, characterized by 
the steps of: 

(j) placing said entity in communication with an 

authentication device; 
(k) generating in said authentication device an n-bit 
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binary string V = V£ (i=l, • • ■ , n) 
(1) transmitting said binary string V to said entity; 
(m) calculating, in said entity 
Y -"jT s i (mod N) ; 



(n) transmitting Y to said authentication device; 

(o) calcula ting , in said authentication device 

X re f = I I Pi (mod N) ; and 
vi=l 

Xact = yG <mod N) ? and 
(p) comparing X re f and X aC f 

According to a third aspect of the invention, there is 
provided a method of certifying a message M generated by 
or presented to an entity manufactured according to the 
first aspect of the invention, characterized by the 
steps of: 

(q) computing a change-sensitive transformation H of 

said message M ; 
(r) generating an n-bit binary string 

V = V£ (i=l, n), using the computed value 

of H ; 
(s) com puti ng 

y = | | Si (mod N) ; and" 

Vi-1 

(t) appending Y as a message authentication code (MAC) 
certificate to said message M. 

According to a fourth aspect of the invention, there is 
provided an entity including processing means, input/ 
output means and memory means, characterized in that 
said memory means has stored therein a modulus N which 
is the product of at least two prime numbers and a set 
of n factors Si (i=l, n) where 

Si = Fi d (mod N) , 
where d is the secret key counterpart of a public key e, 
associated with the modulus N , and ?i (i=l, n) are 

n public factors, 0<Fi<N, and wherein said processing 
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means is adapted to compute 



Y =TTsi (mod N) 
vjL-1 



where V = v^ is an n-bit binary string. 

According to a fifth aspect of the invention, there is 
provided an authentication device for use with an entity 
according to the fourth aspect of the invention, includ- 
ing further processing means, further input/output means 
and further memory means, characterized in that said 
further memory means has stored therein said n public 
factors Fj[ (i=l, n) , said modulus N, and said 

public key e, and wherein said further processing means 
is adapted to compute 



X act = Y e (mod N) 
using the stored values of Fj[, N and e f and to compare 
X re f with X act - 

Embodiments of the present invention will now be 
described by way of example, with reference to the 
accompanying drawings, in which:- 

Fig, 1 is a block diagram showing the procedure utilized 
by a card issuer in creating a smart card; 

Fig. 2 is a block diagram of a card in operative 
association with a card acceptor device; 

Fig- 3 is a block diagram of a message source unit; 

Fig- 4 is a block diagram of a message authentication 
unit; and 

Fig. 5 is a diagram showing the map of a memory utilized 
in an alternative embodiment of the invention. 




(mod N) ; and 
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Firstly/ the theoretical basis underlying the invention 
will be explained/ as an aid to understanding the 
invention. It is known that/ if N is the product of (at 
least) two prime numbers P, Q, i.e., if 
N = P-Q; 

and if e is relatively prime to cp(N) , where 

C^(N) = (P-l).(Q-l) 
is Euler's totient function (the number of integers less 
than N which are relatively prime to N) / then, in 
modulus N arithmetic/ a value d can be determined (sec 
for example/ the aforementioned article by Rivest et al) 
which is the multiplicative inverse of e such that 

e.d = 1 (mod Cf> (N) ) . 
The value d is commonly referred to as the secret key 
counterpart of the public key e- 

Thus/ if 

X = Y e (mod N) / 

then 

Y = X d (mod N) 

for all values of Y/ 0<Y<N- 

Furthermore/ if 

X = Fi • F2 F n (mod N) (1) 

where Fj[ (i « 1/ , n) are integer values, with 

0<Fi<N 

then 

x d „ P]L d . p 2 d p n d ( mo d N) 

and 

X d (mod N) = (Fi 5 (mod N) • F 2 d (mod N) ... F n d 

(mod N) } 
(mod N) 

Let 

Si = Fi d (mod N) ; i=l/ ... / n (2) 

Then 

X d (mod N) « Si . S2 - • • S n (mod N) 

Let 

Y = X d (mod N) 
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Therefore 

y = Si . S2 S n (mod N) (3) 

Let V represent a binary string of n bits, V* = ... v n 

such that each bit V£ of V is a flag indicating the 

inclusion of the corresponding F^, --.r F n and S^, . - . , 

S n in the calculation of X and Y respectively, so that 

X « TT Fi (mod N) . <4) 
v ± -l 

From (3) 

Y = J j Si (mod N) (5) 

Therefore, provided that the N and d values employed in 

(1) and (2) satisfy the ab ove requirements , then 

X =TTfi (mod N) ={J*/ Si (mod N)1 G (mod N) 
Vi=l Vi=l 

= Y e (mod N) 

for all values of Fir 0<Fi<N. 

With the above in mind, a first embodiment of the 
invention will now be described, wherein multiple low 
cost devices, in the form of entities which will be 
referred to in the descriptions of the preferred 
embodiments as smart cards, are produced by a card 
issuer and distributed to individuals. The embodiment 
enables such issued cards to be expeditiously 
authenticated by verifying devices. 

Referring first to Fig 1, a card issuer selects, as 
shown at box 12, a plurality of n public factors Fi 

(i=l, , n) , where 0<Fi<N, and such factors, together 

with the value of the modulus N and the value of e are 
made publicly available to authenticators , that is, 
organizations which may wish to authenticate smart cards 
issued by the smart card issuer. In a particular 
application a suitable value for n is 32, and the value 
of U is in the range 2 512 <N<2 513 . 



The card issuer computes the n values Si, where 
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S i = Fi a (mod N) i=l, . .., n 
as shown at box 14 , using provided values of N and d 
(box 16) , where d is maintained secret. These values 
are also maintained secret. The card issuer then issues 
cards which contain n values Si (i=l, «, . . , n) stored in 
a secure manner, for instance in a secure PROM. It 
should be understood that by a "secure PROM" herein is 
meant a PROM the contents of which are protected from 
unauthorized read-out, for example, such protection may 
involve software protection and hardware protection in 
the form of shielding. 

When it is desired to authenticate a smart card 30, Fig. 
2, the card 30 is inserted into a card acceptor device 
32, whereby a data communication path 3 4 is established 
between the smart card 30 and the .card acceptor device 
32. 

The smart card 30 includes a microprocessor 36, a RAM 
38, a program PROM 40 which stores the program control- 
ling the operation of the card 30, a secure PROM 42 
containing the n values S± (i=l, n). stored in 

respective storage locations 102-1 to 102-n and the 
value N stored in a storage location 104, and an input/ 
output unit 44. Alternatively, since N is a public 
value, it could be stored in the RAM 38. The devices 
36, 38, 40, 42 and 44 within the card are interconnected 
by a communications bus 46. 

The card acceptor device 32 includes a microprocessor 
50, a RAM 52, a program PROM 54 which stores the program 
controlling the operation of the acceptor device 32, a 
keyboard 56, a display 58, a printer 60, a random number 
generator 62, and an input/output unit 64. The RAM 52 
includes storage locations 112-1 to 112-n storing the n 
public factors Fi, F n and storage locations 114, 

116 storing the values N and e, respectively. The 
various units located in the card acceptor device 32 are 
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interconnected by a communications bus 66. 

When a card 30 inserted into the card acceptor device 32 
is to be checked for authenticity, the random numbcc 
generator 62 generates an n-bit random number V having n 
bits v^ (i=l, . • . , n) . In order to ensure that V 
contains at least two bits equal to binary 1, the 
microprocessor 50 is controlled, if necessary, to set 
the least significant bits of V progressively to binary 
1 until at least two binary 1 bits are present in V. 
Thus, if the initial value of V is all zero bits, then 
the two least significant bits are set to binary 1. The 
value V is stored in the RAM 52. 

The value V is then transmitted from the RAM 52 via the 

input/output unit 64 over the communication path 3 4 and 

the input/output unit 44 and is stored in the RAM 38 

contained in the card 30. The microprocessor 36 checks 

that V contains at least two binary 1 bits, and if so, 

compute s the value Y where 

Y = 1 | Si (mod N) 
vi«l 

using the values Sj[ stored in the PROM 42. 

The value Y is then transmitted via the input/output 
unit 44, the transmission path 34 and the input/output 
unit 64 and is stored in the RAM 52. Using the values 
Fi (i=l, n) V, and e, stored in the RAM 52, the 

microproce sso r 50 then computes 
x ref =TT F i < mod N) 

Vi-1 

and - 

X acfc = Y e (mod N) , 
and tests whether 

x ref ~ x act* 

Equality implies the authenticity of the X ac t response 
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with probability of 1:N. The authenticity of the card 
30 producing the response has a probability of l:2 n -n. 
By issuing repetitive random challenges in the form of 
random values of V, the probability that the card 30 is 
authentic increases exponentially by l:(2 n -n)3 where j 
is the number of challenges issued. 

It will be appreciated that the card 30 needs only to 
compute^^^. 

Y =[i Si (mod N) 
Vi=l 

to respond to a challenge. Since this is at most n-1 
multiplications using modulo N arithmetic, the work 
factor is significantly less than Y = X re f d (mod N) for 
any large value of d. In this connection, it will be 
appreciated that since d is in effect the secret key 
associated with the card 30 f and given that 

e.d = 1 (mod<p (N) ) 
then d will be in the order of magnitude of 2N/3 for 
convenient values of e. Thus, in the described embodi- 
ment, authentication security comparable to that achiev- , 
able with public key digital signature methods is 
achieved with significantly less computational effort. 
Furthermore, with no secret key used during the authen- 
tication process, it is possible to produce multiple 
cards 30 loaded with the S^, S n values which may be 

dynamically challenged by a verifying device to achieve 
similar confidence levels to those obtained with public 
key digital signature authentication methods. 

It will be appreciated that the result of the authenti- 
cation procedure can be indicated on the display 58 and/ 
or recorded by the printer 60. 

In a second embodiment of the invention, a data string 
forming a message M is authenticated by appending a 
certificate thereto. Such message M could, for example, 
be a data string representing a legal document, a 
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program file, or other information. Referring to Fig. 
3, there is shown a message source unit 30A, which 
includes a message buffer 70 adapted to temporarily 
store a message H to be authenticated. The message 
source unit 30A further includes a microprocessor 36A, a 
RAM 38A, a program PROM 40A, a secure PROM 42A and an 
input/output unit 44A connected to a communications path 
34A. The message source unit 30A also includes a com- 
munications bus 46A interconnecting devices 36A r 3SA, 
40A, 42A, 44A and 70 therein. It will be appreciated 
that the devices having the references with suffix A in 
Pig. 3 correspond to similarly referenced devices in the 
smart card 30 shown in Fig. 2, and in a practial imple- 
mentation, the message source unit 30A could be a smart 
card. Furthermore r the secure PROM 42A stores the 
values Si, S2r . S n in locations 102A-1 to 102A-n, the 
value of the modulus N in storage location 104A and the 
value of e in storage location 106A. Clearly, the 
values of N and e r being public values, could alterna- 
tively be stored in the RAM 38a. 

A message M stored in the message buffer 70 is authenti- 
cated by appending thereto a message authentication code 
(MAC) which is computed in the following manner. 

Using the stored values of N and e r the microprocessor 
36A first computes a change-sensitive transformation H 
of the message M. In the preferred embodiment, this is 
effected by computing: 

H = M e (mod N) 
The value H is then converted to a binary value J r which 
is segmented into sub-fields of length n (with padding 
of an incomplete field with predetermined binary bits if 
necessary) and the individual sub-fields are added 
together modulo 2 (exclusive-or operation) such* that the 

resultant binary string is used as V = v A (i=l, , n) 

in the calculation of Y , where 
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Y » I I Si (mod N) , 
as described in the first embodiment. 

This value of Y is then appended as a message authenti- 
cation code (MAC) when the message M is transmitted from 
the message source unit 30A via the input/output unit 
44A to a communication path 34A. 

An authentication device 32A , Fig. 4, which is of 
generally similar construction to the card acceptor 
device 32 shown in Fig. 2 may be used to authenticate 
the transmitted message M . The authentication device 
32A includes a message buffer 72, a RAM 52A, a program 
PROM 54A, a keyboard 56A, a display 58A, a printer 60A, 
an input/output unit 64A and an interconnecting commu- 
nications bus 66A. 

Stored in the RAM 52A, in locations 112A-1 to 112A-n, 

114A and 116A, are the public factor values Fi, , F n , 

together with the public key e and modulus N* 

The message M, received over the communications path 3 4A 
is stored in the message buffer 72, together with the 
MAC , Y. 

Using the received message M, the microprocessor 50A 
computes H and J to obtain V as in the message source 
unit 3 OA, and then computes 
Xref =TTFi (mod N) 



utilizing the public factors F± stored in the RAM 52A. 

Using the received value Y stored in the message buffer 
70 f the microprocessor 50A then computes 
X act * Y e (mod N) • 




Finally, the values of X act and X re f are compared using 
the microprocessor 50A. Equality of X ac t a nd x ref 
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implies that the message source unit 30A possessed S± , 

, S n , and thus that the message M is authentic, 

within a probability of 1:N. It will be appreciated 
that this embodiment has the advantage that a low cost 
device (message source unit 30A) may readily certify 
data emanating from it with a probability of 1:N. 

It should be understood that in the second embodiment r 
as in the first embodiment, in order to protect the 
values from disclosure, * it must be ensured that V 
contains at least two binary 1 bits, by progressively 
setting the least significant bits of V to binary 1 if 
necessary. 

The second embodiment of the invention has, the further 
advantage that several message source units 30A or the 
data emanating therefrom may be authenticated without 
the unit actually being present at the time of authenti- 
cation. This ability is particularly useful for authen- 
ticating messages which may have been produced some time 
earlier by various message source units 30A, in the form 
of low cost devices such as smart cards. Multiple 
message source units may share the same F^, . F n 
values which would be standardized for the scheme, with 
individual integrity being ensured by various values of 
e and N* 

However, it is preferred to standardize e and F± r .-.r 
F n for all users of an authentication scheme within a 
group of users and for the operator of each message 
source unit to publish a specific value N to be used for 
his message source unit* Should an operator possess 
several such units, rather than specifying a unique 
value of N for each unit, integrity can be assured in a 
manner which will now be described with reference to the 
third embodiment of the invention. 

According to a third embodiment of the invention, a 
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message M may be authenticated as originating from a 
unique message source unit among a set of such message 
source units sharing the same Fir • F n and N and e 
values* This has the advantage that it is infeasible 
for one member of such a set to masquerade as another 
member of the set. For this purpose, the operator of 
the system allocates to each message source unit a 
public factor Fi D which is unique to that source unit- 
Furthermore, the operator of the system computes, for 
each such F ID value, a corresponding S ID value; 

S ID = F ID d * mod N) ' 
where d is the system secret key, and stores Sj D in the 
secure memory of the relevant message source unit. 

Referring to Fig. S, there is shown a diagram of the 
secure PROM 42B included in the message source unit. 
The PROM 42B contains storage locations 102B-1 to 102B-n 
storing the n values S lr S n , respectively , storage 

locations 104B and 106B storing the values N, e, res- 
pectively, and storage locations 108, 110, storing the 
values F ID , S XD , respectively. 

In the third embodiment, it should be understood that 

the operation is generally similar to that described for 

the second embodiment, except that the calculation of 

the MAC, Y, is made according to the formula 

Y = S ID - \ I Si (mod N) , 
vi=l 

using the stored S rD and Si values. Correspondingly, 
the calculation of X re f in the message authentication 
unit is made according to the formula 

Xref = F ID -TT F i (mod N) ' 
Vi-1 

using the stored Fi values, with the F ID value being 
included in the certified message transmitted from the 
message source unit to the message authentication unit 
for use in the computation of X re f. 

It will be appreciated that in the third embodiment, 
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with Sid included in the computation of y, the 
requirement that V contains at least two binary 1 bits 
is reduced to the requirement that V should be non-zero. 

The embodiments described hereinabove may be used for 
any application where it is desired to authenticate 
entities or the data emanating from them. An important 
application however, is to an intelligent financial 
transaction tok^n or smart card used in Electronic Funds 
Transfer at the Point of Service (EFTPOS) . For several 
reasons of cost and security it is perceived that the so 
called "smart card" provides a highly effective 
technology for EFTPOS. 

A fundamental reason for using smart card technology is 
to enable a transaction to be completed fully off-line 
from the card issuer f s authorization system with a 
minimum of risk to the various parties affected. 

From a risk analysis point of view, the following areas 
must be considered 

(a) Is the card holder legitimate? 

(b) Is the card authentic? 

(c) Is the implied value loaded into or dispensed 
by the card authentic? 

(d) Is the transaction claim made by the card 
acceptor authentic? 

Card holder authenticity is generally effected by 

employing a Personal Identification Number (PIN) which 

is verified by or with the smart card prior to sensitive 

operations being initiated. Such PIN may be entered via 

a keyboard such as the keyboard 56 r Fig. 2, or by a 

keyboard (not shown) integral with the card. 

It is commonly perceived that card authenticity needs to 
be established prior to transferring value to prevent 
bogus funds being loaded into or dispensed by the card. 
However/ this requirement in essence occurs with many 
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implementations because it is not possible to authenti- 
cate at the point of service the value data exchanged* 

Therefore/ considering the dispersal of value from a 
card, provided that the card could itself produce an 
authentication certificate for the data emanating from 
it such that the certificate could be tested by any 
other entity, then card authentication is unnecessary. 
This has significant consequence for remote card authen- 
tication or home banking applications/ as the need for a 
trusted card authentication device at the point of card 
acceptance is eliminated • This possibility also enables 
any intermediate entity handling the value message 
between the card and the entity guaranteeing the funds 
to test the authenticity of the data in order to under- 
take settlement actions. In this sense, the potential 
exists for true electronic currency. 

Considering the loading of value, if it can be shown 
that data emanating from a card is authentic, it must be 
assumed that only an authentic card could perform the 
certificate calculation corectly. Therefore/ if only an 
authentic card can correctly dispense funds, then the 
requirement of preventing the loading of bogus value can 
be readily met by designing authentic cards such that 
they will reject an attempted loading of bogus value 
themselves • 

Since the card contains the ability to generate certifi- 
cates, it could therefore check a certificate as well. 
This could be done in a fourth embodiment of the 
invention by calculating a certificate for value load 
data presented to the card in the same manner as done by 
the card itself and appending that certificate to the 
^alue load data. The card could replicate that opera- 
tion and compare the result with the presented certifi- 
cate. The presumption is that only the entity guaran- 
teeing dispensed value could correctly load value so 
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that it Is assumed that this entity knows the secret 
certificate calculation method. 

However, this technique would require the entity 
generating the load value certificate to have available 
a record of each card's secrets (given the potential 
size of card networks, the possibility that several 
value generators may wish to load value, and the highly 
desirable need to uniquely authenticate each card) this 
requirement could become impractical. 

The primary advantage of the embodiments described here- 
inabove is that any entity may easily test the authenti- 
city of data emanating from .another entity. If it was 
considered* that the source of the value load data was a 
similar entity to the load accepting entity, then any 
other entity including the destination card itself could 
similarly easily test the load data for authenticity 
prior to acceptance* 

Thus, the need to authenticate a card or, conversely, 
the need for the card to authenticate the load device is 
eliminated if the techniques of public message authenti- 
cation as described in the third embodiment are 
employed. 

Thus, the fourth embodiment of the invention provides, a 
means and method for eliminating the need for trusted 
terminal devices, which may have the capability of 
adding information or value to the entities in the set, 
by delivering such information with an authentication 
certificate such that the member entity can authenticate 
that information as emanating from the identified source 
prior to its acceptance. In the fourth embodiment the 
member entity (smart card) possesses both the ability to 
generate its own certificates and also test certificates 
from other entities by employing in the first case the 
techniques of the third embodiment to generate certi- 
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ficates and in the second case the complementary 
techniques of the third embodiment to test certificates. 

In this fourth embodiment, the card may additionally 
contain stored therein the F^, N and e values appro- 
priate for each value load generator which is authorized 
by the card issuer to perform the value load function. 
For convenience , all generators should employ the same 
public factors Fi and public key e, with individual 
integrity being obtained by the use of different N 
values- 

Although in the preferred embodiments/ the calculations 
within the card 30, and acceptor device 32, message 
source unit 30A and message authentication unit 32A have 
been described as being effected by microprocessors 36, 
50, 36A, 50A, it should be understood that in a modifi- 
cation, each microprocessor may be associated with a 
respective dedicated calculation unit which performs the 
function 

f (P) = P.M (mod N) . 

Such dedicated circuitry may use shift register and 
serial adder/subtractor elements such that a value M is 
multiplied by a value P while simultaneously the value N 
is subtracted, if necessary, to yield within a single 
computation cycle the desired product value P,M (mod N) . 
By this means, the function 
Y =TT s i (mod N) 

Vi=l 

may be computed with the values being progressively 
presented as indicated b$r the values of the bits of 
V. 



WO 89/11706 



PCT/US89/01944 



- 20 - 

The embodiments described above provide a high degree of 
security both for the authentication of entities and for 
the certification of messages. However, it should be 
understood that, depending on system implementation, a 
sophisticated attacker could compromise a system 
employing such authentication and/or certification 
techniques, as will now be explained. Thus, since the 
factors Fi and Si are selected for multiplication 
according to the value of V, it follows that, if the 
system design permitted an appropriately manipulated 
authentication device to generate any desired values of 
V, for example, if the values 

V a = 3 (decimal) « Oil (binary) 

and V5 * 7 (decimal) = 111 (binary) 
could be freely chosen, then corresponding Y values 
Y a = S1.S2 (mod N) 

and Yfc = S1.S2.S3 (mod N) 
would be produced. 

Since 

S 3 = Yt>/Y a = (S1.S2.S3)/ (Si.S2> (mod N) , 
S3 is disclosed. Similarly, any desired S^ can be 
ascertained, provided that division operations can be 
effected • Due to the modulus N operation on Y a and Y5, 
simple division will not necessarily yield a correct 
value. However, since N is a composite of large prime 
numbers (usually two) , then most numbers in the range 1 
to N-l will have a modulo N reciprocal, i.e. given Y, 
there is, generally, a value Y" 1 , such that 

Y.Y" 1 « 1 (mod N) 
Known mathematical techniques can be utilized to find 
such reciprocal value Y" 1 . 
Hence, S3 = Yb-Y a ~l (mod N) 

can be determined, and, by similar techniques, the 
remaining S^ can also .generally be ascertained. Having 
ascertained the Si values, the sophisticated attacker. 
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using suitable hardware could fraudulently effect 
authentication and certification procedures. 

To avoid such an attack, it should be made infeasible to 
select V values which yield a set of Y values which can 
be manipulated to yield single factors Si. 

In a fifth embodiment of the invention, this problem is 
alleviated by including an additional public parity 
factor F p and associated secret factor S p in the system, 
where 

S p - F p d (mod N) , 
and arranging that all Y values are the product of an 
even number of factors, utilizing S p if necessary, thus 
preventing the ascertainment of any single factor. For 
example, with this arrangement, 

for V = 1 (decimal), Y ■ Si.Sp (mod N) 

for V = 2 (decimal), Y » S 2 .S p (mod N) 

for V = 3 (decimal), Y = Si.S 2 (mod N) , etc. 

Thus, in the arrangement described with reference to 
Fig. 1, a card issuer selects an additional public 
factor F p , calculate S p and store S p in the cards to be 
issued. Similarly, in the message certification system 
described with reference to Figs. 3 and 4, the addi- 
tional secret parity factor S p is stored in the PROM 42A 
and the corresponding public parity factor F p stored in 
the RAM 52A. Again, with the unique identification 
arrangement described with reference to Fig. 5, the 
secret parity factor S p is stored in the secure PROM 
42B, in addition to the Sjd value, and with this 
arrangement, there is the further advantage that V can 
be in the full range of 0 to 2"-l. This is desirable 
for message certification since it eliminates any need 
to adjust the message hash result. Thus, with this 
arrangement , 
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for V = 0 (decimal) , Y = Sj^-Sp (mod N) 
for V = 1 (decimal), Y = S ID .Si (mod N) 
for V = 2 (decimal), Y = S ID .S2 (mod N) 
for V = 3 (decimal) / Y = S ID .Si.S2-S p (mod N) , etc. 

Although it could be argued that if the fifth embodiment 
is utilized/ an attacker could selectively extract all 
factor pairs r 

e.g. S 1 .S 2 = V3.V0- 1 , 
and use these pairs to produce bogus certificates in a 
message certification scheme, such an attack may be 
infeasible due to the number of pairs needed to be 
obtained and fraudulently used in systems where n has a 
suitably large value- 

Another way to prevent selective extraction of Sj_ values 
by an attacker is to ensure that any Y value is not 
consistently related to any other Y value. This can be 
achieved by including a variable component in the Y 
calculation which cannot be controlled or predicted by 
an attacker. Such variable component should be chosen 
from a large enough set of possible component values to 
make the reoccurrence of any specific value statis- 
tically improbable. That is, the number of Y values 
needing to be obtained to ensure that the same variable 
component is included in the calculation, should be 
infeasibly large for an attacker. 

Firstly, it will be appreciated that the Y values are in 
fact a base set of 2 n values pseudo-randomly distributed 
within the set bounded by 1 and N-l. Secondly, it will 
be appreciated that the numerical separation of these Y 
values is in fact precisely determined. Application of 
an offset value which was applied to all Y values in the 
base set would in effect produce another set of 
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precisely separated Y values within the set 1, N-l. 
Thus, provided that the number of Y sets which could be 
produced by offset was large enough to be statistically 
unique, then mathematical extraction of the factors 
making up a certain Y value would be infeasible, unless 
the set offset value was known, since the number of 
valid Y values within the set 1, N-l would be increased 
from 2 n to 2 n times the number of Y sets. 

In the extreme case, consider that the number of Y sets 
was N-l then the number of valid Y values would be 
2 n .(N-l). This would raise the probability that an 
entity producing a Y value was authentic, or that a 
message from the entity was authentic, from 
2 n to 2 n .(N-l). For typical N values 2 512 < N < 2 513 
then the order of probability of authenticity would be 
2 n# 2 512 . This is not true in practice since the total 
of Y values available is N-l, limiting the probability 
to 1:(N-1). Clearly since this order of probability far 
exceeds any reasonable requirement, the number of Y sets 
could be substantially reduced. If s equals the numbet 
of binary bits available to denote the set number then 
the number of sets would be 2 s giving an authenticity 
probability of 2 n .2 s or 2 n+s . Note that in principle n 
and s could be varied in size to obtain the order of 
probable authenticity protection desired in the system. 
However, since the 2 n component may be selectable via V 
by an attacker the 2 s component should be large enough 
to make such an attack infeasible. Also, note that n 
determines the range of V and should be large enough to 
preclude undetected manipulation of message contents 
when V results from a hash function of a message. 

In such a system it is necessary to communicate to the 
authenticator the Y set employed for a particular Y 
calculation by the certifying entity. If this was 
directly disclosed as an offset value, then the 
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aforementioned attacks could still be executed since 
reversing the offset process would yield the original 
base set of Y values and thus by extraction, the base 
set of Si values- Consequently, the offset value or set 
identifier should be provided in a manner usable by the 
authenticator for Y testing but not for Y factoring. 

For example , it is possible to include in the authen- 
tication protocol a value F se t which is passed to the 
authenticator for each Y calculation, F se t is produced 
by the certifier selecting a set number S set and comput- 
ing 

Fset = S se t e N) 
Note that S se t cannot be determined from F set without 
knowledge of d. Thus, for entity authentication, the 
entity? 

(i) Selects an S se t 

(ii) Computes F S et = s set e (mod N) 

(iii) Communicates F se t to the authentication device, . 
which 

(iv) Selects a V value and communicates this value to 
the entity, which computes 

(v) Y = S se f [ \ S± (mod N) which it communicates to 

Vi=l 

the authentication device, which tests Y by 

(vi) X re f = Fset* TT F i (mod N) 

Vi=l 

= X act = Ye (mod N) . 

Note that, since F se t is a pseudo-random distribution 
within the set 1, N-l from which it is not feasible to 
determine S set , then it is not necessary to choose S se t 
randomly. The protection from analytical attacks can be 
obtained merely by ensuring that S se t does not predic- 
tably repeat within an attack session. One such method 
to achieve this is to run an incremental count of Y 
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'calculations and to use this count value to update S se f 
This method has the further advantage of providing to 
the entity originator a method of cryptographically 
checking for lost or duplicated messages delivered to 
him from the source entity. 

Thus, in a sixth embodiment of the invention, for 
message certification, 

Y = S ID .S set -TT Si.Sp (mod N) 
Vi=l 

where S set - a function of the counter value 
S ID = F ID d (mod N) 
s i ~ F i d (rood N) 

S D = F D d (mod N) optionally included if V has 
p y even parity, 

and the certificate Y is calculated across a message 

including F ID , F se t therein, where F set = S set e (mod N) . 

To generate the S set counter values a hardware counter 
could be provided in a smart card or entity to be 
authenticated, such as the card 30, Fig. 2, or in a 
message source unit such as the message source unit 30A, 
Fig. 3. Alternatively, the microprocessor 36 or 36A 
therein could be programed to provide a counting opera- 
tion using storage locations in the RAM memories 38 or 
38A. An analogous arrangement could be utilized when a 
unique identifier factor S ID and associated F ID are 
employed as described hereinabove with reference to the 
third embodiment of the invention. 

In the just mentioned system the protocol is enlarged by 
the inclusion of F se t- This is unimportant for inter- 
active entity authentication by locally communicating 
devices but may be an unacceptable overhead for message 
certification . 
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A further method of pseudo-randomly varying the base set 
of Y values which does not add significantly to the 
protocol is to utilize precalculated offset values the 
selection of which is advised to the authentication 
device* 

In a seventh embodiment of the invention, V, which is 
made up of n bits, is split into two parts, V s and V a , 
where V s is chosen by the certifier, and V a as before is 
chosen in the authentication device (or determined by 
the message content) • The number of bits in each of V s 
and V a is predetermined. For example, where n=32, each 
of V s and V a could have 16 bits. The bits of V s are 
used to select the S se t offset value with the bits of V a 
being used to select the S a values. Note also that the 
s set offset values can be combined to yield 2 ns offset 
values, where ns is the number of base offset values 
available. 

Thus, in the seventh embodiment, 



x act = ye (mod N) r as before. 
The values S s i = P s i d (mod N) are stored by the certif- 
ier (smart card or message source unit) and used in a 
similar manner to the S a i values, but selected by the 
certifier pseudo-randomly. 

The values F s ^ are made publicly available in the same 
manner as the F a i values. 




(mod N) ; 




si 



ai 



(mod N) ; and 



In this embodiment, V s rather than F se t would be 
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included (and hashed for V a ) in the certified message. 

Thus, for message certification where the unique 
identifier factors 

Sid and F ID are utilized, 

M = V s , Fjd, Message. 

As in the second embodiment, a change-sensitive 
transformation H of the aggregate message M is formed, 
and the value of V a derived therefrom. The following 
calculations are then eff ecte d: 

Y = S ID . TT S si . ]~T S ai (mod N); and 
Vsi-1 v ai=l 

Xref - F ID-TT f s- 1 r F ai (mod N) . 
V si =l V ai =l 
It can be seen from the above that the authenticity of a 
particular Y value is as before IsN. The authenticity 
of the entity producing the Y value (entity forgery) is 
determined by the number of bits in V s and V a and is 
therefore l:2 ns+na . 
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CLAIMS 

!• A method of manufacturing an entity (30 r 
30A) f including the steps of: 

(a) selecting a modulus N which is a product of at least 
two prime numbers; 

(b) selecting an integer e which is relatively prime to 
<p(N) , where <p(N) is Euler's totient function of N; 
and 

(c) determining an integer d such that e.d = 1 (mod 
<^>(N) ) r characterized by the steps of: 

(d) selecting a set of n public factors 
Fir ... / F n (0<Fi<N); 

(e) calculating Si = Fi d (mod N) for i=l f n; and 

(f) storing the n values Si (i=l, ... f n) and the 
value N in said entity- 

2. A method according to claim 1, character- 
ized in that said n values Si are stored in a program- 
mable read-only memory (PROM) (42, 42A, 42B) included in 
said entity (30, 30A) • 

3- A method according to claim 2, character- 
ized in that said entity (30 r 30A) includes processing 
means (36 r 36A) and input/output means (44 f 44A) . 

4. A method according to claim 1, character- 
ized by the steps of: 

(g) assigning a public factor Fjd unique to said entity; 

(h) computing 

S ID = F ID d (mod N) ; and 

(i) storing the value Sj^ in said entity . 

5. A method of authenticating an entity (30 , 
30A) according to any one of claims 1 to 4, character- 
ized by the steps of: 

(j) placing said entity (30 , 30A) in communication with 
an authentication device C 32 ^ 32A) ; 
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(k) generating in said authentication device (32, 32A) 
an n-bit binary string V = Vi (i=l, n) 

(1) transmitting said binary string V to said entity 
(30, 30A); 

(m) calculating, in said entity (30, 30A) 

Y = ( | Si (mod N) ; 

VjL =l 

(n) transmitting Y to said authentication device (32, 
32A) ; 

(o) calculating, in said authentication device (32, 
32A) 

F* (mod N) ; and 

vi=l 

Xact = ye (mod N) ? and 
(p) comparing X re f and X aC f 

6. A method according to claim 5, character- 
ized in that said authentication device (32, 32A) 
includes storage means (52, 52A) adapted to store said 
public factors Fj, . .., F n/ and the values of N and e- 

7. A method according to claim 6, character- 
ized by the step of repeating said steps (k) to (p) a 
plurality of times, using random values of V. 

8. A method of certifying a message M 
generated by or presented to an entity (30, 30A) 
manufactured according to any one of claims 1 to 4 
characterized by the steps of: 

(q) computing a change-sensitve transformation H of said 

message M; 
(r) generating an n-bit binary string 

Y = vi (i=l, , n), using the computed value 

of H; 

(s) computing 

Y « J [" Si (mod N) ; and 

Vi=l 

(t) appending Y as a message authentication code (MAC) 
certificate to said message M. 
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9. A method according to claim 8, character- 
ized in that said step of (q) computing said change- 
sensitive transformation H is effected by computing 
H = M e (mod N) . 

10. A method according to claim 8 or 9, char- 
acterized in that said step of (r) generating an n-bit 
binary string V is effected by the steps of: 
(u) converting H to a binary value J; 
(v) segmenting J into sub-fields of length n; and 
(w) adding together the individual sub-fields modulo 2 
to form said n-bit binary string V* 

11. A method according to any one of claims 5 

to 10, characterized in that r in said step (m) and said 

step (s) the value of Y is calculated according to the 

formula -j — p 

Y = S se f * ' Si (mod N) , 
Vi=l 

where S set is selected in said entity (30,30A); 
by the steps of 

(x) computing in said entity (30,30A) F se t = S se t e 
(mod N) , and 

(y) transmitting F se t to said authentication device 
(32,32A); 

and in that in said step Co) , the value of X re f is 
calculated according to the formula 

Xref = I I *x < mod N) • 

12. A method according to claim 11 , 
characterized in that S se t: is selected in accordance 
with a count value which is incremented for each Y 
caluculation. 



13. A method according to claim 12 , 
characterized in that S se t is determined by computing. 
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in said entity (30 r 30A), a product including a selection 
of a set S s i of said factors Si, said selection being in 
accordance with a binary string V s = v s £ generated in 
said entity (30,30A), whereby the value of Y is 
calculated according to the formula. 

Y = TT S fii . TT S ai (mod N) / 
vsi^l v ai=l 
wherein the v a i values corresponding to the bits of said 
n-bit binary string generated in said authentication 
device (32 f 32A); 
by the step of: 

(z) transmitting V s to said authentication device 

<31,32A) f and in that the value of X re f is calculated in 

said authentication device (32,32A) according to the 

formula — — — p — — 

X re f = I I Psi- 1 I F ai (mod N) . 
v s i =1 v ai =1 

14 . A method according to any one of claims 5 
to 13, characterized in that, in said step (m) and said 
step (s) , the value of Y is calculated utilizing 
selectively an additional predetermined factor S p , such 
that the total number of factors included in the 
calculation of Y is even, and in that, in said step (o) f 
the value of X re f is correspondingly calculated, 
utilizing selectively an additional factor F p , where 

S p « F p <3. 

15. An entity (30,30A), including processing 
means (36,36A) f input/output means (44,44A) and memory 
means (42,42A,42B> , characterized in that said memory 
means (42,42A,42B) has stored therein a modulus N which 
is the product of at least two prime numbers and a set 
of n factors <i=l, , n) where 

Si « Fi d (mod N) , 
where d is the secret key counterpart of a public key e, 
associated with the modulus N, and (i-1, ..•/ n) are 
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n public factors/ 0<Fi<N, and in that said processing 
means (36,36A) is adapted to compute 

Y = XX s i (mod N) 

Vi-1 

where V = is an n-bit binary string. 

16. An entity according to claim 15, 
characterized in that said memory means (42A,42B) is 
further adapted to store the value of said public key e 
and in that said processing means is further adapted to 
compute 

H = M e (mod N) 
where M is a message to be transmitted by said entity 
<30,30A) r to convert H to a binary n-bit vector V, and 
to compute 

Y = \ I Si (mod N) . 

v ± -l 

using the bits V£ of the computed vector V, and in that 
said input/output means (44,44A) is adapted to transmit 
Y as a message authentication code (MAC) associated with 
said message* 

17. An entity according to claim 15 or 16, 
characterized in that said memory means (42B) has stored 
therein a public factor Fxd unique to said entity, and a 
value Sjd, where 

S ID = F ID d (mod N) • 

18. An entity according to any one of claims 
15 to 17 , characterized in that the value of Y includes 
an additional factor S set which is dependent on a count 
value which is incremented for each Y calculation. 

19. An entity according to any one of claims 
15 to 18, characterized in that said memory means 
(42,42A,42B) has stored therein an additional parity 
factor Spr and in that said processing means (36,36A) is 
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adapted to compute the value of Y by selectively 
including said additional parity factor S p in the 
expression for Y, such that the total members of factors 
included in the calculation of Y is even, 

20- An authentication device (32, 32A) for use 
with an entity (30, 30A) according to any one of claims 
15 to 19, including further processing means (50, 50A) , 
further input/output means (64, 64A) and further memory 
means (52, 52A) r characterized in that said further 
memory means (52, 52A) has stored therein said n public 
factors Fi (i=l, n) , said modulus N, and said 

public key e, and wherein said further processing means 
(50, 50A) is adapted to compute 
X re f =TT (mod N) ; and 

Vi-1 

X act = Y e (mod N) 
using the stored values of Fj_, N and e, and to compare 

X re f with X aC f 

21. An authentication device according to 

claim 20 for use with an entity according to claim 17, 

characterized in that said further processing means is 

further adapted to compute 

Xref 88 F ID -TTfi (mod N) 
vi=l 

22. An entity according to any one of claims 
15 to 19, characterized in that said entity incorporates 
an authentication device according to claim 20 or claim 
21. 
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